A hack on food-delivery service DoorDash leaked the personal data of 4.9 million customers, delivery workers, and merchants, the company revealed on Thursday.
The breach took place on May 4, but DoorDash officials didn't learn of it until earlier this month when they noticed unusual activity involving an unnamed third-party service provider. That's what DoorDash says in post, which began: "We take the security of our community very seriously." Data obtained by the attacker could include names, email addresses, delivery addresses, order histories, phone numbers, and cryptographically hashed and salted passwords.
Also exposed were the last four digits of customers' payment cards and the last four digits of delivery workers' and merchants' bank accounts. Drivers license numbers for about 100,000 delivery workers were also accessed.
DoorDash has no evidence to indicate people who joined the service after April 5, 2018, had their data taken. The 4.9 million figure includes only a portion of users who joined on or before that date. The company said it's in the process of directly notifying those affected.
(Score: 1) by PlasticCogLiquid on Friday September 27 2019, @07:00PM (1 child)
Didn't Protonmail get breached too?
(Score: 0) by Anonymous Coward on Friday September 27 2019, @09:06PM
No?
https://news.ycombinator.com/item?id=18479034 [ycombinator.com]
https://www.reddit.com/r/ProtonMail/comments/9xovso/dont_believe_everything_you_read_online_about/ [reddit.com]
But the real value of ProtonMail is that you can make a free throwaway account. This is increasingly hard to do as other services demand phone numbers and other bullshit.